/*----- Cipher selections -------------------------------------------------*/
-typedef struct algswitch {
- const gccipher *c; /* Symmetric encryption scheme */
- const gccipher *mgf; /* Mask-generation function */
+typedef struct keyset keyset;
+typedef struct algswitch algswitch;
+
+typedef struct bulkcrypto {
+ const char *name;
+ unsigned prim;
+ int (*check)(const algswitch */*a*/, dstr */*e*/);
+ size_t (*overhead)(const algswitch */*a*/);
+ int (*encrypt)(keyset */*ks*/, unsigned /*ty*/, buf */*b*/, buf */*bb*/);
+ int (*decrypt)(keyset */*ks*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/, uint32 */*seq*/);
+} bulkcrypto;
+
+#define BCP_CIPHER 1
+#define BCP_MAC 2
+#define BCP_BLKC 4
+
+struct algswitch {
const gchash *h; /* Hash function */
+ const gccipher *mgf; /* Mask-generation function */
+ const struct bulkcrypto *bulk; /* Bulk crypto transformation */
+ const gccipher *c; /* Symmetric encryption scheme */
const gcmac *m; /* Message authentication code */
+ const gccipher *b; /* Block cipher */
size_t hashsz; /* Hash output size */
size_t tagsz; /* Length to truncate MAC tags */
size_t expsz; /* Size of data to process */
- size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
-} algswitch;
+ size_t cksz, mksz, bksz; /* Key lengths for things */
+};
typedef struct kdata {
unsigned ref; /* Reference counter */
#define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
+extern const struct bulkcrypto bulktab[];
+
/*----- Data structures ---------------------------------------------------*/
/* --- Socket addresses --- *
* expiry.
*/
-typedef struct keyset {
+struct keyset {
struct keyset *next; /* Next active keyset in the list */
unsigned ref; /* Reference count for keyset */
struct peer *p; /* Pointer to peer structure */
unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
- gcipher *cin, *cout; /* Keyset ciphers for encryption */
+ const bulkcrypto *bulk; /* Bulk crypto transform */
size_t tagsz; /* Length to truncate MAC tags */
- gmac *min, *mout; /* Keyset MACs for integrity */
+ struct ksdir {
+ gcipher *c; /* Keyset cipher for encryption */
+ gmac *m; /* Keyset MAC for integrity */
+ gcipher *b; /* Block cipher, just in case */
+ } in, out;
uint32 oseq; /* Outbound sequence number */
seqwin iseq; /* Inbound sequence number */
-} keyset;
+};
#define KSF_LISTEN 1u /* Don't encrypt packets yet */
#define KSF_LINK 2u /* Key is in a linked list */
/*----- Other macros ------------------------------------------------------*/
-#define TIMER noise_timer(RAND_GLOBAL)
+#define QUICKRAND \
+ do { rand_quick(RAND_GLOBAL); noise_timer(RAND_GLOBAL); } while (0)
/*----- Key management ----------------------------------------------------*/
* ought to be replaced' notification is only ever given once
* for each key. Also note that this call forces a keyset to be
* used even if it's marked as not for data output.
+ *
+ * The encryption transform is permitted to corrupt @buf_u@ for
+ * its own purposes. Neither the source nor destination should
+ * be within @buf_u@; and callers mustn't expect anything stored
+ * in @buf_u@ to still
*/
extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/,
* Use: Attempts to decrypt a message using a given key. Note that
* requesting decryption with a key directly won't clear a
* marking that it's not for encryption.
+ *
+ * The decryption transform is permitted to corrupt @buf_u@ for
+ * its own purposes. Neither the source nor destination should
+ * be within @buf_u@; and callers mustn't expect anything stored
+ * in @buf_u@ to still
*/
extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/,
*
* Arguments: @dstr *d@ = where to leave the formatted message
* @const char *fmt@ = pointer to format string
- * @va_list ap@ = arguments in list
+ * @va_list *ap@ = arguments in list
*
* Returns: ---
*
* * "[!]..." ... -- @dstr_putf@-like string as single token
*/
-extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/);
+extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list */*ap*/);
/* --- @a_format@ --- *
*
* presentation.
*/
-extern void a_format(dstr */*d*/, const char */*fmt*/, ...);
+extern void EXECL_LIKE(0) a_format(dstr */*d*/, const char */*fmt*/, ...);
/* --- @a_warn@ --- *
*
* Use: Informs all admin connections of a warning.
*/
-extern void a_warn(const char */*fmt*/, ...);
+extern void EXECL_LIKE(0) a_warn(const char */*fmt*/, ...);
/* --- @a_notify@ --- *
*
* Use: Sends a notification to interested admin connections.
*/
-extern void a_notify(const char */*fmt*/, ...);
+extern void EXECL_LIKE(0) a_notify(const char */*fmt*/, ...);
/* --- @a_create@ --- *
*
* Use: Writes a trace message.
*/
-T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
+T( extern void PRINTF_LIKE(2, 3)
+ ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
/* --- @ps_warn@ --- *
*
* Use: Writes a warning message.
*/
-extern void ps_warn(const char */*fmt*/, ...);
+extern void PRINTF_LIKE(1, 2) ps_warn(const char */*fmt*/, ...);
/* --- @ps_tunfd@ --- *
*
~mdw / tripe / blobdiff